You love Systemd – you just don't know it yet, wink Red Hat bods
It's the anchovy pasta of Linux administration, it seems
Red Hat Summit: Senior Red Hat techies this week urged Red Hat Enterprise Linux sysadmins to give Systemd a chance if they haven't already taken the software to heart.
At the 2018 Red Hat Summit in San Francisco on Wednesday, Linux container product manager Ben Breard, and senior principal engineer and Systemd co-creator Lennart Poettering, talked up the virtues of Systemd over plain old init.
First, a bit of background
On traditional Unix-flavored systems, init is the first process to execute, and runs various shell scripts and programs to start up the computer. It typically comes with a set of scripts that can be used to control running services, and it becomes the parent and grandparent of future processes.
Systemd is a replacement for the classic init system. It is written in C as an application rather than a collection of shell scripts, has various modern features missing from classic init, and was gradually adopted by Linux distributions, kicking out its predecessor.
Systemd is controversial because, some argue, as a centralized application suite it goes against the Unix philosophy of having lots of little programs that each do one thing particularly well. Some folks also resented having what looked like a reinvented wheel – complete with its own weird bugs and vulnerabilities and new command syntaxes – forced on them without much say in the matter. It also became a crucial dependency for many software packages, locking people in. It renamed network interfaces so they would have predictable names. It held no prisoners.
It's a pretty polarizing debate: either you see Systemd as a modern, clean, and coherent management toolkit, or an unnecessary burden running roughshod over the engineering maxim: if it ain't broke, don't fix it. For many Linux distro makers, though, init needed fixing.
Back to Breard and Poettering
At the Red Hat confab, Breard admitted that since Systemd was officially introduced as the default init option in Red Hat Enterprise Linux 7 in 2014, the software hasn't always been met with open arms by the community.
"People respond to it with anything from curiosity to rage," Breard mused. "The more people learn about it, the more they like it. We have seen this pan out over the last few years."
Breard and Poettering told attendees that, in many cases, Systemd is able to dramatically simplify the management of processes while at the same time giving administrators tighter control over their machines.
For example, noted Poettering, Systemd can fully track down and kill off all processes associated with a service being shut down, something rival init systems are unable to cleanly do.
"It sounds super basic, but actually it is much more complex than people think," Poettering said. "Because Systemd knows which service a process belongs to, it can shut down that process."
Systemd is pretty good at enforcing security policies, we were told. Because it has the ability to limit services' access to resources, controls can be put in place to effectively sandbox software and lock down code from doing potentially malicious things, such as writing to storage or reading sensitive data in particular directories.
Sure, you can do all this sort of thing with containers and chroots, and your own shell scripts, but it's there out of the box from Systemd if you need it. That's the pro-Systemd argument, anyway.
Additionally, services' access to processor core time can be regulated, thus tuning system performance as certain programs and servers are given more, or fewer, CPU cycles.
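As an added illustration (not from the talk or from Red Hat), here is a unit file that applies the controls described above: whole-service shutdown, filesystem sandboxing and CPU limits. The service name, binary and account are hypothetical, and the directive names assume a recent systemd release; older releases spell some of them differently or lack them.

```ini
# /etc/systemd/system/reportd.service
# Hypothetical service, constructed for illustration.
[Unit]
Description=Example report generator (hypothetical)

[Service]
ExecStart=/usr/local/bin/reportd
# Run as an unprivileged account and block privilege gain via setuid binaries.
User=reportd
NoNewPrivileges=yes

# --- Filesystem sandbox ---
# Mount the entire file system hierarchy read-only for this service...
ProtectSystem=strict
# ...except /var/lib/reportd, which systemd creates and keeps writable.
StateDirectory=reportd
# /home, /root and /run/user appear empty and inaccessible to the service.
ProtectHome=yes
# Hide a sensitive directory entirely; "-" means ignore it if absent.
InaccessiblePaths=-/etc/ssh
# Private /tmp and /var/tmp, not shared with other processes.
PrivateTmp=yes

# --- CPU regulation ---
# Hard cap: at most half of one CPU's time.
CPUQuota=50%
# Relative share under contention (default 100; needs the unified
# cgroup hierarchy, older setups use CPUShares= instead).
CPUWeight=50

# --- Shutdown ---
# Signal every process in the service's control group on stop, not just
# the main PID. This is the default, stated here for clarity.
KillMode=control-group
# Escalate to SIGKILL for anything still running after 20 seconds.
TimeoutStopSec=20s

[Install]
WantedBy=multi-user.target
```

On releases that ship it, `systemd-analyze security reportd.service` reports which sandboxing options a unit still leaves open.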
Breard and Poettering said they will try to further enhance Systemd by, for instance, extending its ability to manage network connections and containers.
And perhaps, in the process, you may warm up a bit more to the tool. ®